Detectify Labs
A security research blog
How I found a persistent XSS affecting thousands of career sites
Detectify Crowdsource
Persistent XSS
Team Tailor
XSS
Most read articles
How I made LastPass give me all your passwords
Hacking Slack using postMessage and WebSocket-reconnect to steal your precious token
Chrome Extensions – AKA Total Absence of Privacy
BountyDash – A local bug bounty statistics dashboard
bug bounty
Frans Rosén
Github
Mathias Karlsson
Login/logout CSRF: Time to reconsider?
login/logout CSRF
Mathias Karlsson
Hacking Slack using postMessage and WebSocket-reconnect to steal your precious token
Frans Rosén
postmessage
Slack
SQLi in INSERT worse than SELECT
Mathias Karlsson
SQL Injection
Stored XSS-ing Millions Of Sites Through HTML Comment Box
CSP flaws: cookie fixation
Cookie fixation
CSP
Mathias Karlsson
postMessage XSS on a million sites
AddThis
Mathias Karlsson
postmessage
The pitfalls of postMessage
Mathias Karlsson
postmessage
Combining host header injection and lax host parsing serving malicious data
bug bounty
Fastly
Frans Rosén
Heroku
Mathias Karlsson